News and History of the PNG Development Group from 2008

Herein lie news items and historical stuff primarily of interest to the
Portable Network Graphics Development Group itself. Feel free to poke
around even if you're not a member, though. Note that some of the links,
particularly the older ones, are broken; in some cases this is explained by
later entries. Other links (CompuServe, tcg.arl.mil) have fallen prey to
reorganizations or upgrades; should they ever reappear, the entries below
will be updated as needed.

18 December 2008 - libpng 1.2.34 is
released with fixes for a double-free bug in text chunks and for a
shortcoming involving transformations (both when writing PNGs).

31 October 2008 - libpng 1.2.33 is
released with a fix for a memory leak after reading a malformed tEXt
chunk.

18 September 2008 - libpng 1.2.32 is
released with a fix for another bug introduced in 1.2.30, a
zTXt crash bug
(CVE-2008-3964), as well as a minor
bug related to the tIME chunk. :-(

21 August 2008 - libpng 1.2.31 is
released with a fix for a bug, introduced in 1.2.30, involving
reading the cHRM (chromaticity) chunk.

15 August 2008 - libpng 1.2.30 is
released with minor fixes, including a fix for a memory leak on
read-errors.

8 May 2008 - Oops2. libpng
1.2.29 is released--again with no code changes, just fixes to the
configure-related build-scripts.

2 May 2008 - The dSIG digital-signature chunk, proposed by
Thomas Kopp of Dialogika, is formally approved by the PNG Development
Group. The official version will be linked from the PNG documents page shortly; for now, the proposed specification (i.e., what was voted on) is available.

30 April 2008 - Oops. libpng 1.2.28 is
released. It contains no code changes (beyond the version number),
but the configure-related build-scripts are rebuilt with autoconf 2.61
to avoid some backward incompatibilities caused by version 2.62.

28 April 2008 - libpng 1.2.27 is
released. It contains a security fix that affects programs that attempt
to do special handling of unknown PNG chunks (presumably very few such
programs), along with a reversion to previous behavior for handling of
images with out-of-range tRNS-chunk values, a fix for unintentional
gray-to-RGB conversion in png_set_expand_gray_1_2_4_to_8(),
and various other minor fixes. The configure script is also updated
to one of the newer versions of autoconf (2.62).

28 April 2008 - WebSiteOptimization.com claims that use of PNG images on
web pages increased from 7.2% in 2006 to 32.2% in 2007...although such
a large jump in one year--a relatively uninteresting one at that, and
roughly a decade after PNG became widely supported in browsers--seems
a tad...surprising. On the other hand, it did take Microsoft more than
a decade to release a browser with good PNG support (that is,
IE 7.0 in October 2006), so perhaps that explains it.

2 April 2008 - libpng 1.2.26 is
released with minor fixes. It adds a check for incorrect IHDR length
to the progressive reading code, and Greg's pngbook sample code
(contrib/gregbook) is updated to handle unexpected end-of-file
and file-read-error conditions correctly.

18 February 2008 - libpng 1.2.25 is
released. It fixes a double-gamma-correction bug on colormapped images
with partially transparent palette entries, as well as a number of
problems (believed to be benign) found by the Coverity static-analysis
tool (a.k.a. "Stanford Checker").